BitLocker is a Microsoft Windows component designed to encrypt entire hard drive volumes using the highly popular AES encryption algorithm. BitLocker is included with select versions of Windows Vista and beyond out of the box. In order to enable BitLocker and encrypt any given hard drive volume using it, all a Windows user needs to do is open their Start Menu, search for BitLocker, open it, click on Turn on BitLocker and follow the onscreen instructions that follow. However, in order to be able to encrypt a hard drive volume using BitLocker, your computer needs to have a Trusted Platform Module (TPM) chip. BitLocker uses the TPM chip to run authentication checks on your computer’s hardware and software.
Also, in order to successfully encrypt a volume or your computer’s hard drive using BitLocker, you are going to need to enable your computer’s TPM chip (it is disabled by default). Doing so will require you to turn your computer off in the middle of enabling BitLocker and then manually turn it on again. However, sometimes, when a Windows user is instructed by the BitLocker wizard to turn off and then turn on their computer in order to turn on the TPM security hardware or when they run a BitLocker system check and their computer reboots, they receive the following error message:
“The Trusted Platform Module (TPM) was unable to unlock the drive. Either the system boot information changed after choosing BitLocker settings or the PIN did not match. If the problem persists after several tries, there may be a hardware or firmware problem.”
After this error message is displayed, BitLocker is not successfully enabled, and that’s where the actual problem lies. This can be quite aggravating for anyone who actually wants to encrypt one or more volumes of their hard drive using BitLocker, but fear not as this issue can be fixed fairly easily. In order to resolve this issue, you need to simply:
Press Windows Logo key + R to open a Run. Type gpedit.msc into the Run dialog and press Enter.
In the Group Policy Editor, navigate to the following directory:
Computer Configuration \ Administrative Templates \ Windows Components \ Bit Locker Drive Encryption \ Operating System Drives
And Double-click on Require additional authentication at startup.
Set the Require additional authentication at startup policy to Enabled in the resulting window. Click on Apply. Click on OK.
Try enabling BitLocker again, and you should no longer see any error messages and BitLocker should be enabled successfully.